MDKSA-2007:048

Problembeschreibung

A number of vulnerabilities were discovered in PHP language.

Many buffer overflow flaws were discovered in the PHP session
extension, the str_replace() function, and the imap_mail_compose()
function. An attacker able to use a PHP application using any of
these functions could trigger these flaws and possibly execute
arbitrary code as the apache user (CVE-2007-0906).

A one-byte memory read will always occur prior to the beginning of a
buffer, which could be triggered, for example, by any use of the
header() function in a script (CVE-2007-0907).

The wddx extension, if used to import WDDX data from an untrusted
source, may allow a random portion of heap memory to be exposed due
to certain WDDX input packets (CVE-2007-0908).

The odbc_result_all() function, if used to display data from a
database,
and if the contents of the database are under the control of an
attacker, could lead to the execution of arbitrary code due to a format
string vulnerability (CVE-2007-0909).

The zend_hash_init() function can be forced into an infinite loop
if unserializing untrusted data on a 64-bit platform, resulting in
the consumption of CPU resources until the script timeout alarm aborts
the execution of the script (CVE-2007-0988).